<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <link rel="stylesheet" href="../github-markdown.css" />
    <link rel="stylesheet" href="../custom.css" />
    <script src="../custom.js"></script>
    <title>Multi User Isolation Proctection</title>
  </head>
  <body class="markdown-body">
    <p>
      Protect your personal data by isolating system access to resources with a
      multi-user mechanism
    </p>
    <h2>Create a new User</h2>
    <p>Find <code>New Isolated User</code> from the start menu.</p>
    <ol>
      <li>
        Determine if the new user will be used for a specific application?
      </li>
      <li>
        Enter the app ID (lowercase) or username (disallow spaces or quotes)
      </li>
    </ol>
    <h2>Set File Permissons</h2>
    <details>
      <summary>
        <i>C:\Users</i> are isolated from each other normal users ...
      </summary>
      <br />
      <p>Only supported in NTFS partitions:</p>
      <ul>
        <li>
          Find the files, folders, drives, special devices and objects that need
          to be protected
        </li>
        <li>Right click "Properties" > "Security" > "Edit"</li>
        <li>Add whitelisted user(group) and give "Full Control" permission</li>
        <li>Remove <i>Authenticated Users</i> and <i>Users</i> permissions</li>
        <li>OK</li>
      </ul>
    </details>
    <h2>Install Applications</h2>
    <ol>
      <li>Adjust file permission of installer.</li>
      <li>
        Start the installer, replace <i>ProgramFiles</i> into the absolute path
        of
        <i>%HOMEPATH%\appbin</i>
      </li>
      <li>
        Copy the absolute path of the application. Tweak
        <i>EDITME as &lt;username&gt;</i> at desktop
        <ul>
          <li>Fill in the "Target" content</li>
          <li>Change the path of the icon selection program</li>
        </ul>
      </li>
    </ol>
    <h2>Backup and Restore</h2>
    <details>
      <summary>How to backup? ...</summary>
      <br />
      <p>
        Open the compression software and compress the entire user folder in the
        <i>C:\Users</i> directory.
      </p>
      <p>Recreate the user folder:</p>
      <pre><code>$username = Read-Host username

reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$((Get-LocalUser $username).SID.Value)" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$((Get-LocalUser $username).SID.Value).bak" /f

runas /profile /user:$username "cmd /c exit"
icacls "C:\Users\$username" /grant "${env:USERNAME}:(OI)(CI)(F)" >$null
</code></pre>
      <p>
        Recovery method:
        <br />
        Decompress the compressed backup, overwrite and confirm all.
      </p>
    </details>
  </body>
</html>
